于已部署好的Ceph集群,部署一个网关服务器,进行对象存储服务。全文分别对依赖包安装、配置、验证做了详细说明。该过程经过实际验证
-
引言
-
基于已部署好的Ceph集群,部署一个网关服务器,进行对象存储服务。操作系统CentOS6.5 CEPH0.94.3其实基于librados可以直接进行访问,但是我看了百度,UCLOUD的对象存储,用户在网页上进行文件的上传、下载时,都通过web服务器间接和存储集群打交道,进行了一层隔离,而不是直接和集群进行通信操作。我得理解是便于访问控制以及隔离。
1.依赖包安装
Ceph rados-gateway依赖Apache和FastCGI, 用户的请求先到web服务器,再走rados-gateway进入集群之中。
1.1 安装Apache服务
一般的apache版本都是2.2,但是没有
mod_proxy_fcgi,所以我们直接安装apache 2.4版本的!
-
安装apache2.4
-
执行
-
cd /etc/yum.repos.d
-
wget
-
wget
-
建议先把已安装的卸载掉(上面已有apache2.2)
-
查看已安装
-
yum list installed httpd*
-
卸载
-
yum remove httpd
-
-
查看可安装httpd
-
yum list httpd*
-
安装
-
yum install httpd24-httpd httpd24-httpd-devel httpd24-mod_ssl hhvm
1.2 配置http服务器
-
[root@hhly001 conf]# pwd
-
/opt/rh/httpd24/root/etc/httpd/conf
将ServerName的注释号去掉,添加上自己网关服务器的IP地址
-
272 # If your host doesn't have a registered DNS name, enter its IP address here.
-
273 # You will have to access it by its address anyway, and this will make
-
274 # redirections work in a sensible way.
-
275 #
-
276 ServerName 192.168.12.12:80
在配置中增加如下信息,加载mod_proxy_fcgi
-
-
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
-
此处需注意,需要将该段内容加载LoadModule系列的后面,否则会报如下错误:
-
service httpd start
-
Starting httpd: httpd: Syntax error on line 129 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_proxy_fcgi.so into server: /etc/httpd/modules/mod_proxy_fcgi.so: undefined symbol: ap_proxy_release_connection
修改配置中的LISTEN字段,将网关所在主机的IP地址添加进去
-
# Listen: Allows you to bind Apache to specific IP addresses and/or
-
# ports, in addition to the default. See also the
-
# directive.
-
#
-
# Change this to Listen on specific IP addresses as shown below to
-
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
-
#
-
Listen 192.168.12.12:80
-
#Listen 80
1.3 SSL支持 (此处是否必须不是很清楚,只是按照官方文档走)
秘钥文件生成
-
yum install mod_ssl openssl
-
openssl genrsa -out ca.key 2048
-
openssl req -new -key ca.key -out ca.csr
-
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
文件目录放置sudo cp ca.crt /etc/pki/tls/certs
-
sudo cp ca.key /etc/pki/tls/private/ca.key
-
sudo cp ca.csr /etc/pki/tls/private/ca.csr
配置文件修改[root@hhly001 conf.d]# pwd
/opt/rh/httpd24/root/etc/httpd/conf.d
-
SSLCertificateFile /etc/pki/tls/certs/ca.crt
-
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
重启httpd服务sudo service httpd restart
1.4 网关服务安装
至此,相关依赖包安装完毕
2. CEPH网关服务配置
ceph网关其实是ceph集群的一个客户端,用户通过这个网关间接访问ceph集群,作为客户端,它需要准备如下内容:
网关名称,此处用gateway称呼
一个可以访问存储集群的用户以及对应的KEYRING
数据资源池,这个由ceph集群提供
为网关服务示例准备一个数据存放空间
在ceph.conf配置文件中设置gateway信息
2.1 创建访问用户及权限设置
创建gateway keyring,一开始该文件为空
-
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
-
sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring
创建网关用户名以及key 此处名字为 client.radosgw.gateway
-
ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key
为KEYRING添加权限
-
ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
将key添加到集群中
-
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
将相关的KEYRING文件拷贝到rados-gateway所在的主机 /etc/ceph/目录下
2.2 数据资源池创建
-
[root@hhly001 conf.d]# rados lspools
-
mytest
-
.rgw
-
.rgw.root
-
.rgw.control
-
.rgw.gc
-
.rgw.buckets
-
.rgw.buckets.index
-
.log
-
.intent-log
-
.usage
-
.users
-
.users.email
-
.users.swift
-
.users.uid
-
ceph osd pool create .rgw 128 128
-
ceph osd pool create .rgw.root 128 128
-
ceph osd pool create .rgw.control 128 128
-
ceph osd pool create .rgw.gc 128 128
-
ceph osd pool create .rgw.buckets 128 128
-
ceph osd pool create .rgw.buckets.index 128 128
-
ceph osd pool create .log 128 128
-
ceph osd pool create .intent-log 128 128
-
ceph osd pool create .usage 128 128
-
ceph osd pool create .users 128 128
-
ceph osd pool create .users.email 128 128
-
ceph osd pool create .users.swift 128 128
-
ceph osd pool create .users.uid 128 128
2.3 将网关配置信息添加到集群配置中
-
[client.radosgw.gateway]
-
host=hhly001
-
keyring=/etc/ceph/ceph.client.radosgw.keyring
-
rgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
-
log file=/var/log/radosgw/client.radosgw.gateway.log
-
rgw frontends=fastcgi socket_port=9000 socket_host=0.0.0.0
-
rgw print continue=false
2.4 目录及权限调整
创建数据目录
-
sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway
-
调整apache运行权限
-
sudo chown apache:apache /var/run/ceph
调整日志权限
-
sudo chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
启动网关服务sudo /etc/init.d/ceph-radosgw start
2.5 网关配置文件
一个配置文件,用于web server和FastCGI之间的交互
sudo vi /etc/httpd/conf.d/rgw.conf
-
[root@hhly001 conf.d]# cat rgw.conf
-
-
ServerName 192.168.12.12
-
DocumentRoot /opt/rh/httpd24/root/var/www/html
-
-
ErrorLog /var/log/httpd/rgw_error.log
-
CustomLog /var/log/httpd/rgw_access.log combined
-
-
RewriteEngine On
-
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
-
-
SetEnv proxy-nokeepalive 1
-
-
ProxyPass / fcgi://192.168.12.12:9000/
-
阅读(3019) | 评论(0) | 转发(0) |